<?php
	Connection::getConnect();
	if (COUNT($_POST)){
		if ($this->get('uploading')){
            $id= $this->get('id');
			$c = 0;
			if (COUNT($_FILES['image']['name']) < 2)
			{
				echo "Item photo and thumbnail are required.";
				exit;
			}
			foreach ($_FILES['image']['name'] as $key => $tmp_name )
			{
				if ( isset($key) ){
					$extensions = array("jpeg","jpg","png");  
        			$image_type = $_FILES['image']['type'][$key];
					$info = pathinfo($_FILES['image']['name'][$key]); 
					list($width, $height) = getimagesize($_FILES['image']['tmp_name'][$key]);
                    if (in_array($info["extension"],$extensions ) === false)
					{
						echo "File Format not Supported '" . $info["extension"] . "'.";
        				exit;
                    } 
					if ($width > 500 && $height > 500 && !$c)
					{
						echo "Image format must be with in 500x500 dimension";
        				exit;
					} else 
					if ($width > 150 && $height > 150 && $c)
					{
						echo "Image format must be with in 150x150 dimension";
        				exit;
					}
					$c++;
				}
			}
			$c = 0;
			foreach ($_FILES['image']['name'] as $key => $tmp_name )
			{
				if ( isset($key) ){
            		$image_blob = addslashes(file_get_contents($_FILES['image']['tmp_name'][$key])); //SQL Injection defence!
					if ($c++ == 0)
						$sql = "UPDATE item_details SET photo='{$image_blob}' WHERE iid=$id";
					else
						$sql = "UPDATE item_details SET thumbnail='{$image_blob}' WHERE iid=$id";
					Connection::setQuery($sql);
				}
			}
			//print_r($_FILES);
			exit;
		}
	}
    if (COUNT($_GET))
    {
        $id  = $this->get('id');
        $table  = $this->get('from');
		$column = $this->get('get');
		$idn = $this->get('name');
        $sql = "SELECT $column FROM $table WHERE $idn = $id";
        Connection::setQuery($sql);
        $row   = Connection::fetch();
        $image = $row[0];
        if ($image == null)
        {
            $sql = "SELECT avatar FROM login WHERE aid = 10000";
            Connection::setQuery($sql);
            $row   = Connection::fetch();
            $image = $row['avatar'];
        } //$image == null
    } //COUNT($_GET)
?>